[SLE] Suddenly I have to disable Apparmor to start postfix.
Hello, I can not figure out what has changed to cause this error. Suddenly today after a power outage(2 hours) that caused a shutdown and reboot of the system. I get in /var/log/mail... Jul 7 18:37:46 xenau postfix[9301]: fatal: file /etc/postfix/main.cf: parameter default_privs: unknown user name value: nobody Jul 7 18:39:08 xenau postfix/postfix-script: fatal: the Postfix mail system is not running postfix starts after I disable apparmor without the message. I enable apparmor and try to reload postfix and I get the error. I have an other system with all the files exactly the same in /etc/apparmor.d/ and /etc/apparmor/, that does not have the problem I have apparmor running on it and I am able to start and stop it. The /etc/main.cf files are almost totally the same. The only difference is in the system name. master.cf is also identical. There is one other difference. The other difference is one has a masguerade_domain and the other does not. One machine. masquerade_domain = The other machine. masquerade_domain = zenez.com On a third machine I have in dynamicmaps.cf pgsql /usr/lib/postfix/dict_pgsql.so dict_pgsql_open And it too fails with the message. None of the machines have a etc.postfix.dynamicmaps.cf in /etc/apparmor.d. All three machines have the exact same files in /etc/apparmor.d and /etc/apparmor. Any ideas on what I have to do to get apparmor to work again and fix it for the third system that has pgsql in the dynamicsmaps.cf file. Thanks, -- Boyd Gerber <gerberb@zenez.com> ZENEZ 1042 East Fort Union #135, Midvale Utah 84047 -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
I had a similar issue (that I filed a bug on) with sendmail, and it turned out apparmor was the culprit there too. I just unistalled it. I've gotten by on unix/linux for years without such a POS, I can do without it now. Michael -- San Francisco, CA -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Sat, 8 Jul 2006 11:23 am, Michael Nelson wrote:
I had a similar issue (that I filed a bug on) with sendmail, and it turned out apparmor was the culprit there too. I just unistalled it. I've gotten by on unix/linux for years without such a POS, I can do without it now.
I had a play with apparmor and was quite impressed. If it breaks postfix and you want to extend postfix's profile, what you need to do is add "flags=(complain)" to it's profile definition file. Trouble is postfix has separate files for all its bits. However using the "complain" command makes it easy. root> complain /usr/lib/postfix/* There, now if you look in /etc/apparmor.d/ you'll see all the "usr.lib.postfix.*" files in complain mode. The messages in /var/log/messages will tell you what need to be changed to go back into "enforce" mode. There are also automatic profile generating and extending tools that garner the experience from running in complain. What tripped my postfix up was chrooting the smtpd. First I had to allow chrooting capability, then I had problems because the chrooted process wants to read and write files like /default/* It's really /var/spool/postfix/default/ but the chrooted process doesn't know that. Do I gain anything with chroot once I'm running apparmor? Should I simply tell postfix not to do it? michaelj -- Michael James michael.james@csiro.au System Administrator voice: 02 6246 5040 CSIRO Bioinformatics Facility fax: 02 6246 5166 No matter how much you pay for software, you always get less than you hoped. Unless you pay nothing, then you get more. -- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
participants (3)
-
Boyd Lynn Gerber -
Michael James -
Michael Nelson